OpenStack Compute (nova)

Make hairpin behavior for a VIF configurable

Registered by Sean M. Collins on 2013-12-12

Nova's libvirt driver currently enables hairpinning, which breaks IPv6. Nova's firewall drivers create rules to prevent IPv6 traffic from hairpinning, but when using Neutron for firewalling/security groups the packets return to the instance and break IPv6. Neutron should pass in an attribute for the VIF when hairpinning needs to be enabled for an interface. This means that when Neutron is being used, Libvirt should not enable hairpinning by default.

This blueprint is the result of a discussion that disables hairpinning in Nova's libvirt driver.

https://review.openstack.org/#/c/56381/

A blueprint has been registered on the Neutron side to return a VIF attribute that Nova will use.

https://blueprints.launchpad.net/neutron/+spec/vif-attribute-for-hairpinning

Blueprint information

Status:: Complete

Approver:: Russell Bryant

Priority:: Undefined

Drafter:: Sean M. Collins

Direction:: Approved

Assignee:: Sean M. Collins

Definition:: Obsolete

Series goal:: None

Implementation:: Blocked

Milestone target:: None

Started by: Russell Bryant on 2014-02-13

Completed by: Sean M. Collins on 2014-02-13

Related branches

Related bugs

Sprints

Whiteboard

Implementation blocked on completion of Neutron work.

Ian Wells did a spike on this, and posted his comments in review (https://review.openstack.org/#/c/56381/8/nova/virt/libvirt/driver.py,unified) - it appears that only the libvirt driver has this setting, so it would not be utilized widely. That was at least our conclusion at the time.

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

Anthony Veiga

Sergey Ivashev

Shixiong Shang